Security News > 2023 > August > Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports.
"This flaw allows an unauthorized user to exploit the unauthenticated Openfire Setup Environment within an established Openfire configuration," cloud security firm Aqua said.
"As a result, a threat actor gains access to the admin setup files that are typically restricted within the Openfire Admin Console. Next, the threat actor can choose between either adding an admin user to the console or uploading a plugin which will eventually allow full control over the server."
Threat actors associated with the Kinsing malware botnet have been observed utilizing the flaw to create a new admin user and upload a JAR file, which contains a file named cmd.
In a sign that threat actors are always on the lookout for new flaws to exploit, an updated version of the DreamBus botnet malware has been observed taking advantage of a critical-severity remote code execution vulnerability in RocketMQ servers to compromise devices.
In the attacks detected by Juniper Threat Labs since June 19, 2023, successful exploitation of the flaw paves the way for the deployment of a bash script called "Reketed," which acts as the downloader for the DreamBus botnet from a TOR hidden service.
News URL
https://thehackernews.com/2023/08/alert-juniper-firewalls-openfire-and.html
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Palo Alto Networks warns of firewall hijack bugs with public exploit (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)